My domain is: mail.lucakrebs.de
I ran this command: certbot certonly -d mail.lucakrebs.de --rsa-key-size 4096 --must-staple
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
The following errors were reported by the server:
The server could not connect to the client to verify the domain
Detail: Fetching http://mail.lucakrebs.de/.well-known/acme-challenge/oqxBnDBSu7lo_iaadelhgnjRDPCeUMLFqfLYt0-qzEo: Timeout
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
My web server is (include version): No Webserver installed, but I tried already with apache2
The operating system my web server runs on is (include version): Debian 9.4
My hosting provider, if applicable, is: Hetzner
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
Hey, I’m not new to certbot, so this is a but confusing to me.
I have 2 vServers, one on the
IPv4 22.214.171.124 (lucakrebs.de) / IPv6 2a01:4f8:c0c:36c::2 (lucakrebs.de)
and one on the
IPv4 126.96.36.199 (mail.lucakrebs.de) / IPv6 2a01:4f8:1c0c:40a6::1 (mail.lucakrebs.de)
On the first one (lucakrebs.de) anything is set up perfectly correct for over an year now. I even scored A+ on ssllabs for over an year now, however, since 2 days, I’m trying to figure out why I get the above error on my second vServer (mail.lucakrebs.de).
I need the certificate for an docker mailcow mailserver.
As you can see here: https://acme-v01.api.letsencrypt.org/acme/authz/oqxBnDBSu7lo_iaadelhgnjRDPCeUMLFqfLYt0-qzEo
Acme gets the DNS records and all this correct, but anyways, it just wont work.
I can access the server perfectly over port 80/tcp and port 443/tcp, so no Firewall error here (Currently got it offline, because of some settings im going to change) but somehow acme gets an timeout.
Anyone got an idea?